Gaming (in)security: EA Origin vulnerability; some Microsoft Xbox Live accounts hacked

Sometimes a walk in the cloud can come with pitfalls:

• For Electronic Arts, the hits just keep coming. A bug in EA’s Origin online-gaming platform/store puts player PCs at risk of being hijacked, according to a couple of security researchers. EA has acknowledged it is investigating the flaw, which takes advantage of the ability of users to start games remotely, according to Ars Technica. Time points out that the security report is from last month. But it was demonstrated at the Black Hat security conference in Amsterdam last week, said the BBC, and could affect millions of Origin users. Just add the security concerns to the Redwood City company’s recent woes, which include a botched launch of “SimCity,” and the surprise resignation Monday of CEO John Riccitiello. Coverage about the CEO’s exit had pointed to the growth of EA’s digital division under Riccitiello as a bright spot.

• In other gaming security news, Microsoft has acknowledged that Xbox Live accounts of some of its high-profile employees have been hacked, raising questions about security for its not-so-high-profile customers. The breach came to light as security researcher Brian Krebs has detailed the hack attack against him. Microsoft told the Verge: ”We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox Live accounts held by current and former Microsoft employees.” The company says it’s working with law enforcement. Krebs writes that the attacks involved selling the Xbox Live accounts of Microsoft employees after obtaining things such as their Social Security numbers and using them to hijack their “gamertags.”

Levi Sumagaysay (2955 Posts)

Levi Sumagaysay is editor of the combined SiliconBeat and Good Morning Silicon Valley. She also blogs and is the online producer for SiliconValley.com, the Mercury News tech website. Email: lsumagaysay (at) mercurynews (dot-com).